Departing from traditional cybersecurity practices

Justine Bone, CEO of MedSec, provides an overview of what MedSec has accomplished within the past 2 years, and gives insight into the implications behind its research on St. Jude Medical's implantable devices.

Our company was founded by security researchers who wish to apply their expertise to the healthcare industry. For the past 18 months, our team has been quietly evaluating the security of various medical devices.

As a result of our research to date, one company, St Jude Medical, has stood out as lagging far behind. For years this company has continued to put patients at risk by profiting from the sale of devices and a device ecosystem which has little to no built-in security. We believe St Jude Medical has known about security problems in their products since at least 2013, but it is apparent from the lack of security protections or mechanisms in their product line that very little action has been taken.

In order to help address patient safety, we have chosen to depart from standard cyber security operating procedures in order to bring this to the public’s attention and to ensure that St Jude Medical responds appropriately and with urgency. We have shared our research with an investment firm, Muddy Waters Capital, that is helping us deliver this message.

The time has come for us to re-think the way cyber security is managed. We acknowledge that our departure from traditional cyber security practices will draw criticism, but we believe this is the only way to spur St Jude Medical into action. Most importantly, we believe that both potential and existing patients have a right to know about their risks. Consumers need to start demanding transparency from these device manufacturers, especially as it applies to the quality and functionality of their products.

Justine Bone. CEO, MedSec.
Author
Justine Bone
CEO & Director

Justine is a seasoned information technology and security executive with a background in software security research, risk management, information security governance, and identity management. Her previous roles include Chief Information Security Officer at Dow Jones, a News Corporation company and publisher of the Wall Street Journal, CSO at Bloomberg L.P., CTO of Secured Worldwide, an NYC-based FinTech company, and CEO of the well-known vulnerability security research firm Immunity Inc. Justine began her career as a vulnerability researcher with Internet Security Systems (now IBM) X-Force and New Zealand’s Government Communications Security Bureau.